Pages

22 August 2023

Mounting Cyber Espionage and Hacking Threat from China

Vaishali Basu Sharma

Earlier this month a ransomware attack on America’s Prospect Medical Holdings, which operates dozens of hospitals and hundreds of clinics and outpatient centres across the states of Connecticut, Rhode Island, Pennsylvania and Southern California was forced to shut off its centres in several locations as the healthcare system experienced software disruptions. In June India’s premier hospital, the All India Institute of Medical Sciences (AIIMS) faced a malware attack on its systems which was thwarted by its cyber-security systems. This is not the first time that the premier hospital’s data was breached. In November 2022, AIIMS had experienced a cyberattack within weeks of announcing that from January 2023, it would operate on a completely paperless mechanism. The cyber attack which involved ransomware, designed to deny a user or organisation access to files, lasted for nearly a month affecting the profile of almost 4 crore patients – affecting registration, appointments, billing, laboratory report generation, among other operations of the hospital. Regarding the quantum of data that was compromised, the government revealed that “five servers of AIIMS were affected and approximately 1.3 terabytes of data was encrypted.”

Till June this year, Indian Government organisations faced over one lakh cyber security incidents and financial institutions saw over four lakh incidents. Data presented by the Indian Computer Emergency Response Team (CERT-In), which has the mandate of tracking and monitoring cybersecurity incidents in India, indicates rising Cyberattacks to government organisations. or systems year on year. From 70798 in 2018, to 112474 in 2023 (up to June) incidents of cyber attacks have been on the rise, on a year on year basis. Presenting this data at the Parliament, Minister for electronics and IT Ashwini Vaishnaw said, “With innovation in technology and rise in usage of the cyberspace and digital infrastructure for businesses and services, cyber-attacks pose a threat to confidentiality, integrity and availability of data and services, which may have direct or indirect impact on the organisation.”

A lot of the hacking activity points towards China. Western intelligence agencies are becoming increasingly wary of digital intrusion by hacking teams that they believe are being backed by China’s government. Almost a decade ago, American computer security firm Mandiant had made the startling claim that these hacking groups are operated by units of China’s army. The firm was able to trace an overwhelming percentage of the attacks on American corporations, organisations and government agencies to a building on the outskirts of Shanghai. Mandiant made the case that the building was one of the bases of the People’s Liberation Army’s corps of cyberwarriors. US intelligence analysts have detected that a central element of Chinese computer espionage is Unit 61398 which targets American and Canadian government sites. Mandiant, which was hired by The New York Times, found that hacker groups like “Comment Crew” or “Shanghai Group” were behind hundreds of attacks on U.S. companies, focusing “on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks” thereafter bringing that information to the military unit 61398.

In their defence the China’s authorities simply denied any form of state-sponsored hacking, and have in turn dubbed the US National Security Agency (NSA) as “the world’s largest hacker organisation.”

Nonetheless, since the 2013 revelations, Chinese hacking teams have generated a lot of interest and Western cybersecurity companies and intelligence agencies have accused them of global digital incursion. They allege that Chinese government-backed hackers attempt to target everything from government and military organisations to corporations and media organisations.

Most recently in the footsteps of the incident involving the Chinese spy balloon Microsoft claimed that in an ongoing effort Chinese state-sponsored hackers group ‘Storm-0558’ was forging digital authentication tokens to gain unauthorised access to Microsoft’s Outlook accounts and urged users “close or change credentials for all compromised accounts”. On May 24, Microsoft and US intelligence state-sponsored hackers of ‘Volt Typhoon’ were engaged in ongoing spying of critical US infrastructure organisations ranging from telecommunications to transportation hubs, using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, and had been active since mid-2021.

According to US cybersecurity firm Palo Alto Networks cyber espionage threat group ‘BackdoorDiplomacy’ has links to the Chinese hacking group called ‘APT15’and they are all involved in cyber intrusions and financially motivated data breaches for the Chinese government. During the visit by then-US House of Representatives Speaker Nancy Pelosi to Taipei, APT27 initiated a range of cyber attacks targeting Taiwan’s presidential office, foreign and defence ministries as well as infrastructure such as screens at railway stations. Television screens at 7-11 convenience stores in Taiwan Began to display the words: “Warmonger Pelosi, get out of Taiwan!”

Mara Hvistendahl’s article in Foreign Policy, 2017 ‘China’s Hacker Army’ estimated China’s “hacker army” anywhere from 50,000 to 100,000 individuals, but rejected the belief that it was a monolithic cyber army. Mara contends that Chinese hackers are for the most part dangerous ‘freelancers’ whose ‘causes neatly overlap with the interests of the Chinese government’ and these hackers are left alone as long as they target foreign sites and companies.

Although cyber attacks have gone up globally, data by Check Point, an American-Israeli software company, reveals that weekly cyber attacks in India have gone up by 18 per cent this year, which is 2.5 times more than the global increase. Furthermore the cyber attacks are becoming more sophisticated as hackers try to weaponize legitimate tools for malicious gains. For instance the use of ChatGPT for code generation, enables hackers to effortlessly launch cyberattacks.

Last year in a massive case of cyber espionage, Chinese-linked hackers broke into mail servers operated by the Association of Southeast Asian Nations (ASEAN) in February 2022 and stole sensitive data. At the recent ‘Conference on Crime & Security on the theme of ‘NFTs, AI and the Metaverse’, current G20 President India, has highlighted the need for cooperation to build cyber-resilience in an increasingly connected world. Both cyber attacks and cyber crimes have national security implications.

In India, investigations into the cyberattack, which had crippled the functioning of India premier health institution AIIMS, revealed that “the IP addresses of two emails, which were identified from the headers of files that were encrypted by the hackers, originated from Hong Kong and China’s Henan province”.

Earlier this year, US Federal Bureau of Investigation (FBI) Director Christopher Wray had an alarming metric, – that Chinese hackers outnumber FBI cyber staff 50 to one. Addressing a Congressional panel he said, China has “a bigger hacking programme than every other major nation combined and has stolen more of our personal and corporate data than all other nations — big or small — combined.”

China is today home to some of the most sophisticated hackers, whose capabilities have only improved with time. Their motivations and actions might be independent but are conveniently entwined. However, much more needs to be understood about the hacker culture from China in recent years, if the menace of cybercrime and ransomware is to be mitigated successfully .

No comments:

Post a Comment